| F5BI-DN-300011 - The F5 BIG-IP DNS implementation must prohibit recursion on authoritative name servers. | CONFIGURATION MANAGEMENT |
| F5BI-DN-300012 - The validity period for the RRSIGs covering a zone's DNSKEY RRSet must be no less than two days and no more than one week. | CONFIGURATION MANAGEMENT |
| F5BI-DN-300013 - An authoritative name server must be configured to enable DNSSEC Resource Records. | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-DN-300014 - Primary authoritative name servers must be configured to only receive zone transfer requests from specified secondary name servers. | CONFIGURATION MANAGEMENT |
| F5BI-DN-300015 - The F5 BIG-IP DNS must use valid root name servers in the local root zone file. | CONFIGURATION MANAGEMENT |
| F5BI-DN-300016 - The platform on which the name server software is hosted must be configured to respond to DNS traffic only. | CONFIGURATION MANAGEMENT |
| F5BI-DN-300017 - The digital signature algorithm used for DNSSEC-enabled zones must be set to use RSA/SHA256 or RSA/SHA512. | CONFIGURATION MANAGEMENT |
| F5BI-DN-300020 - The F5 BIG-IP DNS server implementation must validate the binding of the other DNS server's identity to the DNS information for a server-to-server transaction (e.g., zone transfer). | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| F5BI-DN-300028 - A BIG-IP DNS server implementation must provide additional data origin artifacts along with the authoritative data the system returns in response to external name/address resolution queries. | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-DN-300030 - The validity period for the RRSIGs covering the DS RR for a zones delegated children must be no less than two days and no more than one week. | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-DN-300036 - The F5 BIG-IP DNS implementation must protect the authenticity of communications sessions for zone transfers. | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-DN-300039 - The F5 BIG-IP DNS server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service (DoS) attacks. | SYSTEM AND COMMUNICATIONS PROTECTION |
